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DefiniHoDS 



Several Terms of art appear frequently in the foUov^ing. For ease of reference they are 
defined here as follows: 

' Content" refers to mulximedia content This erm encompasses the various types of 
mfonnation to be processed in a muldmedia entertainment system. Content specificaDy 
refers to digitzed audio, video or still images in flie contexi of this discussion This 
information may be contained within files on a multimedia computer system, the files 
ha\-ing a particular format specific to the modality of the content (soimd. images , moving 
pictures) or the type of systems, computer or otherwise, used to process the content 

"Digitized" refers lo content composed of discrete digital samples of an otherwise analog 
media, which approximate that media inside a computer or other digital device. For 
instance, the sound of music occurs naturally, and is experioiced by humans as an analog 
(continuous) sound wave The sound can be digitized into a stream of discrete saraples, or 
mmibers, each of which represents an approxunate value of the amplitude of the real 
analog wave at a particular instant in time. These samples can be stored in files in a 
computer and then used to recreate the origmal sound wave to a high degree of accuracy. 
In general, content entering a digital system is digitized by Analog to Digital converters 
(A/D> and analog media are recreated by the digital system using a Digital to .'Analog (D/A) 
converter. In the context of fliis discussion content is always digitized contesnL 

'Cryptography" is a field covering nimierous techniques for scrambling information 
conveying messages so that when the message Ln conveyed between the sender and 
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A "Public Key Cr>T)tosystem" is a particular cr^'ptDgraphic system where all parties 
f3> ^^^pairs of keys for enco'ption and decryption. Parties to this type of system freel>' 

A 

1 0 distribute their public keys . which other may use to encrypt messages to the owner of the 
public ke}'. Such messages are decr^^^ted by tfie reciever with titie private key Pri\ ate keys 
aie never distributed. A message encrypted with a public key can only be decr>'pted witii 
the corresponding private key, arid vice versa A message aicnpted with a priN ate kw is 
said to have been signed by the owner of that key. .Anyone in possession of the public key 

15 may decr>Tpt the message and know that it was encrypted, and thus signed, by tiie owner of 
the public key. smce onl>^ they possess the corresponding private key. 

"Stei^anoCTaphy" is a field distinguished from cr\7»tography, but associated with it, that 
covers nxmierous methods for hiding an informational message withm some other 
20 medium, perhaps another unrelated message, m such a manner that an unintended paru' 
who miercepts the medium caro'ing the hidden message does not know it contains this 
hidden message and therefore does not obtain the information in the hiddoi message. In 
other words, steganography seeks to hide messages in plain view. 
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5 Background of tiie Iiivenlioii 



111 the cuirent euv ironnient of computer netw orks and Uie proUferation of dioit;il or 
digitized niultiniedia content vvliicli may be dL<:tributed over such networks, a ke\ issue Ls 
10 copyright protection. Copyright protection is tlie ability to prevent or detei- the proliferaUon 
of luiauUiorized copies of copyrighted works. It provides a reasonable guarantee Uiat Uie 
auUior of a copyrighted work will be paid for each copy of that work. 

A fimdamenlal problem in Uie digital world, ;is opposed to Uie world of physical media, is 
15 Uiat a imlimiied number of perfect copies may be made from any piece of digital or 

digitized content A pei fect copy means tiiat if Uie original is compiLsed of a given s&eam 
of uunibers. Uien Uie copy matches Uie original, exacUy. for each number in Uie stieam. 
Tluis. Uiere is no degradaUon of Uie original signal during Uie copy operation. In an analog 
copy, random noise Ls always introduced, degrading die copied signal. 
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Tlie act of making unlicensed copies of some content, digital or analog. wheUier audio, 
video, software or other, generally known as piracy- Pinicy has been committed for Uie 
puipose of eiUier profit fi om Uie sale of such unUceiised copies, or to procure for Uie 
"pij ate" a copy of Uie content for personal use wiUiout having paid for it 

The problem of piracy has been made much worse for any type of content by ttie 
digitization of content Once content enters Uie digital domain, an unlimited number of 
copies may be made wiUiout any degradation, if a pirate finds a way to bieiUc whatever 
protection scheme was established to guaid against such abuses, if any. In Uie analog 
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world, lliere is genenilly a degradation iii tlie content (sign;il) wiili each successive cojn . 
imposing a sort of naaiml liniit on volume of pirac}*. 

To date, Uu ee general t}'pes of schemes have been implemented in an attempt to pj oteci 
copyrights. 

1 ) Encryption 

2 ) Copy Protection 

3 ) Content Extensions 

Copy Protection and Content Extensions generally apply in tlie digital world only, while a 
scheme related to EncTj'ption, commonly known as scrambling, my be applied to an 
iuialog signal. Tliis is typiciil in imalog aible systems. 

Encrj-ption scTambles the content. Before the content is made ready for delivery, wlietlier 
on floppy disk, or over a network, it must be enciypted, or scrambled. Once tlie content 
has been enciypted, it camiot be used until it is deaypted, or unscrambled. Encrypted audio 
tiata might soimd like incomprehensible screeching, while an encrypted picture or video 
might appear as rajidom patterns on a scTeen. Tlie principle of encryption is tliat you are 
free to make as many copies as you want, but you caift read aiiytliiiig tliat makes sense 
luitil you use a special key to deaypt, and you can only obtain the key by paying for llie 
content. 

Encr)'ption Iras two problems, however. 1 ) Piiates have historically found ways to crack 
encr}'ption. in effect, obtaining tiie key witliout havuig paid for it; and 2) Once a shigle 




^ legitimate copy of some content has been deciypted. a pij ate is now tree to make milimited 
copies of tlie decrj^pted copy. In effcci. ui order to sell an unlimited qiiimtit}- of an 
enciypted piece of software. tJie pii ate could simply buy one copw which tlie\ die entitled 
to decr\'pL 

10 Copy Protection includes vaiious metliods bv which a softwaie ensineer can write Uie 

sof:ware in a clever manner to determine if it has been copied, and if so to deactivate itself. 
Also included are luidocumented changes to tlie storage fonnat of tlie content. Copy 
protection was genq;;ally abandoned by tlie softwaie industr}\ since pirates weie genenilly 
just as clever as tlie software engineers and figured out ways to modify' tlieii- softwaie and 
1 5 deactivate tlie protection. The cost of developing such protection was not justified 
considering tlie level of pii;Ky^ which occuired despite tlie copy protection. 

Content Extension refers to any system which attaches some extra information to tlie 
original content which indicates whetlier or not a copy may be made. A software or 
20 haidwaie system must be specifically built aiound tliis scheme to recognize tlie additional 
infonnation and intei-pret it in an a^>propriate nuuiner. An example of such a system is tlie 
Serial Copyright Management System embedded in Digital Audio Tape (DAT) hardware. 
Under tiiLs system, additional information Ls stored on tlie disc immediately preceding each 
track of audio content which indicates whether or not it can be copied. Tlie hardware reads 
23 this infomiation and uses it accordingly. 

A fundamental problem witli Encryption and Content Extension is tlie "rogue engineer". 
An employee who helped design such a system or an individual witli tlie knowledge and 
means to analyze such a system can modify it to isnore tlie copyright mfoniiation 
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D itltoceUier. aiicl nuike miliceiised copies of Uie cement. Cable pii-;icy L<; quite coimnoii. aidetl 
by illicit decoder devices buUt by those who understand the technical detiiils of die cable 
enciyj>Uon sj stem. AlUiough Uie c^ble systems in question were acmalh based on luialog 
RF signals, the saiue principle applies to digital systems. 

10 Tlie pracUcaJ considerations of weak encrypUon schemes and rogue engineers have sen ed 
to limit the faiUi which may be put in such copyright protecUon schemes. The invention 
disclosed herein serves to addiess Uiese problems wifli convenaonal systems for digit;il 
distiibution. It provides a way to enforce copyright online. The invention dravr^ oTT-^ 
teclmiques from two fields, cryptography, tlie art of scrambhng messages so tliat only tlie 
5 intended recipient may read Uiem, and steganogniphy, a temi applied to varioiLs teclmiques 
for obscmiiig messages so Uiat only tlie intended parties to a message even know Uiat a 
message has been sent, Uius it is leiiued herein as a stega-cipher. The stega-ciphei" is so 
n;imed because it uses the steganograpliic teclinique of hidmg a message in multimetlia 
content, in combination witli multiple keys, a concept originating in cnyptograj^hy. 
) However, instead of using the keys to encrypt Uie content. Uie stega-cipher uses Uiese keys 
to locate aie hidden message wiUiin Uie content. The message itself is eiicT\'pted which 
sen e.s to fiirtlier proctect Uie message, verify Uie validit}' of Uie message, and redistribute 
Uie intoniiation in a random maimer so Uiat anyone attempting to locate Uie message 
wiUiout Uie keys caimot rely on pre-supposed knowledge of Uie message contents as a help 
in locating it. 
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5 Siiininary of the Invention 



Tlie invention disclosed heieiii combines twp tecliniques, steganograpln' - obscuiing 
ijifonnation tJiat is otliei wise in phiin sight, and ayptography - scrambling iiifomiation tluil 
must be : mi over luiseciired means, in a maimer such Uiat only the intended recipient ma\ 
successfully unscTamble it. Tlie net effect of tliis system is to specifically wateniiaik a 
piece of content so tliat if it is copied, it is possible to determine who owned tlie original 
from which tlie copies were made, and hence detennine responsibilitx' for tlie copies. It is 
also a featuie of tlie system to uniquely identify tlie content to which it is applied. 

For a comprehensive discussion of ciy ptograpliy, its Uieon\ applications mid specific 
aigoriUmis, see APPLIED CRYPTOGR.A.PHY, by Bruce Schneier. which is herein 
iiicoq^orated by reference at pages 66-6S. 387-392. 

Siegiuiography is discnissed briefly in THE CODE BREAKERS by David Kalm, which is 
herein iiicoiporaied by reference at pages xiii, 81-83, 522-526, and 873. An example 
application. Stego by Ronuma Machado, is also available for Uie Apple Macintosh. Stego 
can be found at tlie internet luiiform resource locator "ftp://sumex-aim.stanford.edu/info- 
mac/cmp/stegol OaZ.hqx". Tliis application demonstrates a simple stegaiiogra[>hic teclmique 
to encode a text message into a grapliic^al image witliout significantly distorting the image. 

Tlie invention improves upon the prior art by providing a manner for protecting copyright 
in tlie digital domain, which neitlier steganograpliy or cryptography does. It miproves 
specificiilly on steganograpliy by making use of special keys which dictate exactly where 
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r> u illiiii a laj ijcr chuiik ol coiuent a message i> lo i>c hiiklcn. :uul ni:ike> tJie task ofexuaciuii: 
such a message v\'itJioLit Uie proper key llie ec|iiivalent of looking for a needle in a ha\-5iack. 

llie uifonnation encoded by tlie Slega-Cipher process senes as a v\*iiienmuk which 
identifies individual copies of content legally licensed to specific pailies. It is integral witli 
10 Qie contenL It cajuiot be removed by omission in a tiansmission. It does not add any 

overhead to signal transmission or storage. It does allow tlie content to be stored to ;ind 
used witli tj'aditional offline ajialog and digital media, witliout modification or signific;mt 
sigoiil degradation. These aspects of the stega-cipher all represent improvements lo tlie iiit 



lr> Tlie iiivcntion described liereiii Ls used for protecting ;uid enforcing copyrights in tlie digital 
or on-line domain, where tiiere aie no physical limitiitions on copying copyrighted contenL 

Tlie mvention imiquely identifies even* copy of multimedia content made using tlie 
iiiventioii, composed of digitized samples whetiier compressed or uncompressed, 
20 including but not limited to stiU digit;il images, digital audio, and digital video. 

llie invention is for use in meterware or pay-by-use systems where an online user incurs a 
\ chaige each time tliey access a pailicuhu- piece of content, or uses a software title. 

25 Tlie invention is for use as a general improvement to ayptographic leclmiques to iuciease 
tlie complexity' of cr\'tanalysis on a given cipher. 
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It is considered tliat Uie nietliod aiid steps of tlie present invention will be modified to 
account for tlie effects of lossy compression schemes on the sanij^les and p;irticularl\- 
includes modilioition to handle MPEG compressed audio and \ ideo. 

It is consideied tliat statistical data spreading and recover}' techniques, enor coding or 
spread spectrum processing teclmiques might be applied in tlie invention to handle die 
effects of lossy compression, or counter tlie effects of a randomization attack. 

It is considered Uiat tlie apparatus desaibed might be further specialized and optuiiized in 
hardware by replacing general purpose data buses and CPU or DSP driven operations witli 
liiudwiied circuiuy, incoiporated in one or more special puipose puipose ICs. 

It is considered Uiat Uie apparatus will be modeled and implemented in softwaie on general 
piupose computer platforms. 

It is considered tliai stega-ciplier hardware could be embedded in a consimier electronics 
device and used to not only identif\* content mul copyright, but to enable use of that content. 
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Detailed Description 



L Digital Copyright Stega-Cipher Protocol aiid the Decode/Encode Program 

Tlie pmpose of llie program desaibed here is to watemiiuk digital niulUinedia con lent lor 
distiibution to coiisuiiieis tluough onliue ser\'ices iii such a way as to lueettlie following 
aiteria 

Given a unique piece of mulLuiiedia content composed of digitized siuuples , it Ls desii able 
to: 

1 ) Uniquely identify tliis ]x\iticulai- piece of content from otlieis in a maimer which is 
secuie and undeniable (e.g. to know whelhei' a digital audio recording is "My Way" by 
Frank Sinatia. or "Stairway to Heaven", by Led Zeppelin), and in a maimer such that tliis 
identification can be performed automatically by an electronic device or mechanism. 

2) iMiiquely identify tlie copyright owner of llie content, and tlie terms mider which it may 
be dL<;ti ibuted m general, in a manner vvhich is secure and undeniable. 

3) At such time as is necessaiy, additionally, imiquely identifS^ in a secure and undeniable 
maimer tlie licensed publisher who received a particular copy of tlie content, and the temis 
under which tliey may redisu ibute or resell it. 




5 4) At such !iine is necessiu^ . additionally, ujiiquoh idenljiy m a st-viue luid ajulcniablc 
maimer, the licensed <?uh5criber wlio received a p;irticulai- copy of Uie content ft oni tJie 
jHiblisher described in item ?. 

Tlie program described in more detail below combines tlie teclinicjues ol ciytogiiipln iuul 

10 steganography to hide a securely encrypted digital copyright certificate which contains 

information satis fy'iiig tlie criteria listed above, in such a mamier as to be integral vvitli tlie 

content, like a watemiaik on paper, so tliat possession of tlie content dictates pbsTeS ioii of 

tlie watenuiuk infoiiiiation. In addition, tlie v\ atemiaik c;uuiot be "foimd" or successfully 

decoded, witliout possesion of tlie coirect "masks" or keys, available only to (liose 

15 legitimateh' aulliori^ed, luunely. tliose p;uties to a commercial Uimsaction involving tlie sale 

of a copy of tlie content. Finally, tlie abilit}' to distribute such watermarked content in a 

system which implements tlie wateiiiuuk scheme is denied witliout a successfully decoded 

watemiaik. Because well known and tested cryptographic techniques aie used to protect tlie 

ceilificate itself, tliese ceitificates are viitually impossible to forge. ^ 

S 

^0 

Tlie basic program represents a key piul of tlie invention itself. Tliis program is (lien used 
as tlie metliod by which copyright information is to be associated in an integral manner 
wiili tlie content Tliis is a concept absent from copyprotection, encryption and content 
extension schemes. The copyriglit information itself can be made undeniable and 
25 imforgeable using cr}'ptographic techniques, so that through it an audit ti-ail of owners hij^ 

my be established for each copy of a given piece of content, tlius customizing each copy to 

a particulai* o\^'ner. in a way tliat can be used to identif}/^ tlie owner. 
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5 Tlie value of tlie stega-cipher dial it provides a wa\' to walennaik Uie conteiii iii a w a\ 
tliat changes it slightly, but does not impact hiinian perception signifiaintJy. And, 
furtiiennore. tliat it is made difficult to defeat since one must know exactly where tlie 
information resides to extract it for analysis and use in forgen' attempts, or to remove it 
widiout overly degrading tlie signal. And, to tr}' to forge copyright infonuation one must 
10 first be able to analyze the encrj'pted copyright information, and in order to do tliai, one 
must be able to fuid it, which requires masks. 
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^ II. Example E !i ibcdit? i nn 4 of General Prucessinj; 
' A 



Digital audio data is represented by a series of samples iii I dimension. 



{S,,S,.S... SJ 

10 

Tliis series is also referred to as a sample sUeani. Tlie sample stream approximates an 
analog waveform of soiuid amplitude over time. Each sample represents an estimnte of tJie 
wave ;unplilude at tiie Lnstiuit of time tiie siunple is recorded. For monaui id audio. Uiere 
one such sample saeam. Stereo audio Ls comprised of two sampi: stre;ijns, one 
15 representing die right cluumel. ;ind die oilier representing die left Each sueam is used to 
dri\ e a coiresponding speaker to reproduce tlie stereo soimd. 



What is lefered to as CD qualit}^ audio is characterized by 16 bit (2 byte) stereo samples, 
recorded at 44.1 Kliz, or 44 JOO samples per second in each channel. The dynamic range of 
20 sound reproduction Is dii ecUy propoiiional to tlie number of bits per sample. Some lower 
ciualitA' recordings aie done at 8 bits. A CD audio recording can be stored using any 
scheme for containing tlie 2 sample streams in tlieir entiret)'. When these streams are 
played back at the same frequency they were recorded at, the sound recorded is reproduced 
to a high degree of accuracy. 

25 

Tlie sample stream is processed in order from first sample to last. For tlie purpose of tlie 
invention disclosed, tlie saeam Ls sepai*ated into sample windows, each of which has a 
fixed number of consecutive samples from tlie sti eam, and where windows do not overlap 
in tlie sample saeam. Windows may be contiguous in tlie sample sOream. In this 
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5 discussion assiune each window cont;uiis 1 2S simiples. ;uid Uiat windows ;ue coniiiiiioib;. 
So, the windows witliin the stream look Jike 

{ [S,. S,. S,..S,,,]. [S,,,S,,,.S,,,..S,,.]....[S„,,,..SJ ] 
where [...] denotes each window and any odd samples at Oie end of Uie stieam wliicli do 
1 0 not completely fill a window can be ienored. and simply passed tlirouoh tlie system 
unmodified. 



Tliese windows will be used as ijiput for tlie discrete Fast Fourier Transform ( and iU: 
inverse) operation. 

15 

Briefly, Fouiier Trans fomi meUiods aie basetl on Uie principle fliat a complex wavelbnn. 
expressed as amplimde over tijue and represented by a sample stream, is really Uie sum of 
a nmiiber of simple wavefoniis. each of which oscillate at different frequencies. 

20 By complex, it is meant Uiat die value of Uie next sample is not easily predicted Qoni the 
values of Uie last N siunples or Uie Ume of die simiple. By simple it is nieiuit Uiat Uie value 
of Uie sample is easily predictable from Uie values of Uie last N samples and/or Uie time of 
Uie sample. 

25 Tlie sum of niulUple simple waves is equivalent to Uie complex wave. Tlie discrete FFT 
and its inverse simply translate a limited anioimt of data from one side of tiiis equivalence 
to Uie oUier. between Uie complex wavefonii and Uie sum of simple waves. The discrete 
FFT can be used to U^aiislate a series of samples represenUng ampUtude over time (Uie 
complex wave. represenUng a digital audio recording) into Uie same numbei- of s;mipl( 



les 
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5 representing total specu al energy in a giveii range of frequencies ( Uie simple u ax e 

componenLs ) at a particular instant of time. This insUmt tlie time in Uie middle of Uie 
original ampUtude/time samples. Tlie inverse discrete FFT translates Uie data in Uie oUier 
direction, producing Uie complex wavefonn, from its simpler piuls. 

10 Each 128 sample window will be used as an input to Uie discrete FFT, resuIUng in 12S 

bins representing each of 128 Erequency bands, ranging from OHz to 22Kliz (Uie NyquL^t 
frequency, or 1/2 Uie sampling rate). 

Infomiation can be encoded into Uie audio signal in Uie frequency domain or m Uie time 
15 domain. In Uie latter case, no FFT or inveise FFT Ls necessaiy. However, encoding in Uie 
frequency domain Ls recommended, since its effects are scattered over Uie resulUmt Ume 
domain samples, and not easily predicted. In addiUon, frequency domain encoding makes 
it more likely that randomization will result in noUceable artifacts in the resultant signal, and 
Uieieiore makes Uie stega-ciphei" more defensible against such attacks. It is in Uie frequency 
20 domain Uiat additional information will be encoded into Uie audio signal for Uie pur^iose of 
Uiis dLscussion. Each frequency band in a given time slice can poteiitiaUy be used to store a 
smaU poition of some additional information to l>e added to Uie signal. Since Uiese ai*e 
discrete estimates, Uiere is some room for error which will not significaiiUy effect Uie 
perceived quality of Uie signal, reproduced after modification, by the inverse FFT 
25 operaUon. In effect, intentional changes, which caimot be distinguished from random 

valuations iire intioduced in the frequency domain, for Uie purpose of storing additional 
infonnaUon in Uie sample stream. These changes are minimized so as not to adveisely 
affect Uie perceived qualitx^ of Uie reproduced audio signal, after it has been encoded wiUi 
addiUonal inforaiation in Uie maiuiei' described below. In ad(':*iou, Uie location of each of 
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^ tliese chiuiges is made virtuiilly impossible to predict, lui imiOMition w hich dLstiiiguishes 
tliis scheme from simple stegaiiographic teclmiques. 

Note tliat tliis process differs from Uie Nagata. el patents, 4.979,210 ;ukI 5.073.925. 
which encode information by modulating an audio signal m amplitude/Ume domain. It also 
10 differs in tlial tlie modulations introduced in tlie Nagata process (which aie at ver>' low 
amplitude and frequency relative to tlie aiirier wave as to remain inaudible) carrj^ only 
copy/ don't copy infonnation, which is easily found and ciicum vented by one skilled in tlie 
ait. Also, theie is no limitation in the stega-cipher process as to what tj^pe of mformation 
can be encoded into tlie signal, and tlieie is more mformation storage capacity\ since tlie 
15 encoding process is not bound by any particular frequency of modulaUon but ratlier by tlie 
nmnber of samples available. Tlie granuhuity of encoding in the stega-cipher is detennined 
by Uie sample window size, widi potentially 1 bit of space per sample or 128 bits per 
window (a secure implementation will halve tliLs to 64 bits ). In Nagata. et al. tlie granularitj' 
of encoding is ftxed by Uie amplitude and frequeixry modulation limits required to mauitain 
20 inaudibility . These limits are relatively low, and llierefore make it unpractic^al to encode 
more Uum simple copy/ don't copy infonnation using tlie Nagata process. 
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III. Exajiiple Einbodiinenl of Encoding aiid Decoding 

A modification to standard stegaiiographic teclmique is applied in tlie frequency domain 
desLTibed above, in order to encode additional information into tlie audio signed. 

In a scheme adapted from crj'ptographic techniques, 2 keys are used in tlie actual encode 
and decode process. For the purposes of tliis invention tlie keys aie reiered to as nia^^ks. 
One mask, the primary, is apphed to tlie frequency axis of FFT results, tlie otlier mask is 
applied to die time axis (diis will be called tlie convolution mask). The niunber of hits . . 
comprising the primaiy mask aie equal to tlie sample window size in samples (or tlie 
number of frequency bauds computed by tlie FFT process ), 128 in diis discussion. The 
number of bits in tlie convolution mask are entiiely arbitra^^^ Tliis implementation will 
assiune a time mask of 1024 bits. Generally tlie larger tlie key, the more difficult it is to 
guess. 

Prior to encoding, the primarv^ and convolution masks described above aie generated by a 
ciyptographically secme random generation process. It is possible to use a block cipher like 
DBS in combination witJi a sufficienUy pseudo-random seed value to emulate a 
cryptographically secure i-andoni bit genei-ator. Tliese keys will be saved along witli 
infoniiation matching Uieni to tlie sample stream in question in a database for use in 
decoding, should tliat step become uecessar)^ 

Prior to encoding, some additional infoniiation to be encoded into tlie signal is prepaied 
and made available to tlie encoder, in a bit addressable manner (so tliat it may be read one 
bit at a time). If Uie size of tlie sample streimi is known and Uie efficiency characteristics of 
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tlie stega-cipher iiiipleiiieniaiion aie Uikeii iiilo accoiuu. a kjiown lunil may be iinposeJ on 
iJie aiuouiit of Uiis addilional iiifonnation, 

Tlie encoder captiues one Siunple window at a linie from tlie Siimple sueiuu. in setjuenti:il. 
contiguous order. The encoder tracks tlie sequential number of eacli window it acijuues, 
Tlie fust window is 0. When the number of windows processed reaches tlie number of bits 
in tlie window mask, minus one, tlie next value of tlie window counter will be reset to 0, 

lliis coimtei- is (lie convolution index or phase. In tlie cun ent iniplemetation it is used as a 
simple index intCL_*i^^^^ involution bitmask. Li anticipated developments it will be used to ~ 
perfonn convolution operations on tiie convolution mask to deteniiine which bit to use. 
Tor uis lance tlie mask might by rot;Ued by a number corresponding to tlie phase, in biLs to 
Uie left luid XORed wiUi tlie primai-)' mask to produce a ne\^* mask, which is tlien indexed 
by tlie phase. Tliere aie man\ possibilities for convolution. 

Tlie encoder computes tlie discrete FFT of Uie sample window. 

Stalling witli the lowest frequency band, tlie encoder proceeds tlirough each baud to tlie 
highest, visituig each of tlie 12S frequency bands in order. At each band value, tlie encoder 
takes the bit of tlie prinian' mask coiresponding to tlie frequency band in question, tlie bit 
of tlie convolution mask coiresponding to tlie window in question, and passes tliese values 
into a boolean function. This function Ls designed so tliat it has a neai* perfectly random 
ouq^ut distribution. It will return true for approximately 50% of its input permutations, and 
false for tlie otlier 50'/^. The value letmiied for a given set of inputs is fixed, howevei*, so 
tliat it will always return tlie same value given Uie same set of inputs. 
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If the ftuiction returns Une. tlie ciin enl l"requenc\- b;intl m tlie cuiTent vvuidow is used iii tlie 
encoding process, and represents a valid piece of Uie additional infomiation encoded in tJie 
signal. If tlie ftuiction retmiis false. Uiis cell, as tlie frequency b;uid in a given windou* l< 
called, is ignored in tlie process. In tliis manner it is made extiemely difficult to exaaci die 
encoded infomiation from tJie signal vvitliout tlie use of tlie exact masks used in tlie 
encoding process. This is one place in which tlie stega-cipher process depails from 
traditional stegmiographic implementations, wliich offer a U ivial decode opj>oitunit\^ if one 
knows tlie infomiation is present Wliile Uiis increases tlie infomiation storage capacity of 
tlie cairier signal:4f nr.vi^vs decoding tiivial. and fmtlier degrades tlie signal. Note tliat it is 
possible and desireable to modify^ tlie boolean cell flag function so tliat it returns true < 
50^-^ of tlie time. In general, tlie fewer ceils actually used in tlie encode, tlie more dilllcult 
die}' will be to find and Uie less degradation of content will be caused, provided tlie fmiction 
LS designed coirectly. Tliere Is an obvious tradeoff in storage ca]iacit\^ for tliis increased 
securit)' and qualit} . 

llie encoder proceeds in this maimer until a complete copy of tiie addiUonal infomiation 
has been encoded in the cairier signal. It will be desiieable to have tl\e encoda' encode 
multiple copies ot tlie additional infomiation continuously over tlie diuation of Uie carrier 
signal, so tliat a complete instance of Uiis infomiation may be recovered from a smaller 
segment of a huger signal which has been split into discontinuous pieces or oUierwise 
edited. It is Uierefore desireable to minimize Uie size of Uie infomiation to l^e encoded using 
boUi compact design and pre-encodiiig compression, Uius maximizing redundant encoding, 
luid recoverabilit}' from smaller segmeiiLs. In a practical implementation of UiLs system it is 
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5 likely Uie uiloniKUion u ilJ be fust compressed b\- a kiiown ineUiod. luul Uien encMA-ptod 
using public-key teclmicjues. before beijig encoded uito tlie aurier signal. 

nie encoder will also prep^ue Uie packai.j of addiUonal iiifonnation so Uiai it contains lui 
easily recognizable stait of message delimelei\ wLich can be unique to each encoding iind 
10 stored along wiUi Uie keys, to sen e as a synclironizaiion signal to a decoder Tlie detection 
of tills delimeter in a decoding window signifies tliat tlie decoder can be reasonably sure it 
is aligned to Uie simiple stieani conectly and c.ui proceed in a metliodic window by 
window manner. These delimetei:s will requiie a number of bits which minimizes tlie 
]>robabilit}- tliat tills bit sequence is not rqiroduced in a random occunence, causing :m 
15 accidental misaUgment of tJie decoder. A minimum of 256 bits Is recommended. In Uie 
cmrent implementation 1024 bits representhig a st;u1 of message delimeter :u e used. If 
each :.ample is random. Uien each bit has a 50^;^ probably of matching (lie delimeter and Uie 
cojidiLional probabiUty of a random match would be 1/2' --'. In practice. Uie smnples ;ue 
probably somewhat less Uian random, increasing Uie probabiUtj' of a match somewhat. 

20 

Tlie decode process uses Uie simie masks m Uie same nuuiiier, only in Uiis case Uie 
infoniiaUon is exUiicted one bit at a time from Uie carrier signal. 

Tlie decoder is assimied to have access to Uie jMoper masks used to encode Uie iiifonnation 
25 originally. These masks might be present in a database, which can be mdexed by a value, 
or values computed from Uie original content, in a niannei- insensitive to Uie modificaUons 
to Uie content caused by Uie stega-ciplier process. So, given an arbiti-arj/ piece of content a 
decoder might first process Uie content to geiienite ceitiiin key values, and Uien reUieve Uie 
decode masks associated wiUi Uie matching key values from Uie database. In Uie case ' 
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5 where multiple matches occiu*. or none iL e Ibmid. it i? concei\ able tliat ;ill mi\sk seLN ui tlie 
database could be U ied sequentiiiliy uutu a valid decode achieved, or not. indicatuic no 
iiil'onnation is present. 



In die aiM^lication of Uiis process, it is luiiicipated hai encoding operations may be done on 
a given piece of content up to 3 times, each adding new infonuation aiid using new masks, 
over a sub-segment of tlie content, and tliat decode operations will be done inlrec]uently. It 
is anticipated Uiat should it become necessar}^ to do a search of a large munber of masks to 
find a viilid decode, tliat tliis process c^in be optimized usmg a guessing leclmique based on 
close key matching, and tliat it Ls not a time a itical application, so it will be feasible to test 
huge numbers of potential masks for validit}' on a given piece of content, even it such a 
process t;\kes days or weeks on powerful computers to do a comprehensive seiurh of 
knov\ 11 mask sets. 

llie decode process is slightly different in tlie following respect Whereas tlie encoding 
process cim start at any arbiUary point in the sample stream, the decode process does not 
know where Uie encode process begim (tlie exact offset in samples to tlie sUirt of tlie fiist 
window). Even tliougli tlie encode process, by convention, starts witli sample 0, tlieie is no 
guai antee tliat tlie sample stie;ini has not been edited since encoding, leaving a partial 
window at the start of the sample sU-eam, and Uius retjuiriiig the decoder to find tlie first 
complete wuidow to stail tlie decode. Therefore, tlie decode process will stait at tlie first 
sample, and shift tlie sample window along by 1 sample, keeping the wuidow index at 0, 
until it ctui find a vahd decode delinieter encoded in tlie window. At tliis point, tlie decoder 
knows it has synclironized to tlie encoder, and can tlien proceed to process contiguous 
windows in a more expedient maiuier. 
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5 

Exainj-jle Calculations based on the desa ibed uuplemeniiUion for addinc: copyright 
ceitificate infomiation to CD qualitj' digitd audio: 

In a sli eam of siunples, even^ 12S s:unples wH" contain, on average 64 bits of ceitificate 
10 related infomiation. Digital audio is composed of 16 bit samples, at 44.1 Khz, or 44,100 
samples pei" second. Stereo audio provides 2 stjeams of infonnatio!i at tJiL^ rate, left and 
right, or 88,200 samples per second. That yields approximately 689 contiguous sample 
windows (of 128 samples) per second in which to encode infomiation. Assiune a song is 
4 minutes long, or 240 seconds. Tliis yields 240 * 689 = 165,360 windows, which on 
15 average (50'^- utilization) conUiLn 64 bits (8 bvtes ) each of ceitificate mfonnation. Tliis in 
tmiis gives approxmiately 1291Kb of infomiation storage space per 4 minute stereo song 
(1.2 MB). There is ample room for redundant encoding of uifomiation continuously over 
tlie lengtli of tlie content. Encoding 8 bytes for ever}' 256 bytes represents 3.1% of tlie 
signal mfomiation. Assmning tliat a copyright ceitificate requues at most approximately 
20 2048 bytes (2K), we can encode the same ceitificate in 645 distinct locations witliin tlie 
recording, or approximately even* 37/lOOUis of a second. 

Now to acxroiuit for delimeters and synclironization infomiation. Assumuig a sync maiker 
of 1024 bits to avoid random matches, tlien we could prefix each 2K ceitificate block witli 
25 tliis 1024 bit maiker. It takes 256 windows to store 2K, and imder this proposed scheme, 
tlie fust 16 windows aie resen ed for tlie sync maiker. A decoder could seaich for this 
marker by progressively matching each of the fiist 16 windows (64 bits at a time) agauist 
tlie conespondiiig poition of tlie sync mmkei . The decoder could reset Uie match advancing 
tluough tlie siunple stream, as soon as one window did not confomi to tlie sync maiker, 
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;uid proceed iii UiL^ niiumer imtil it matches 16 conseculive wiiulows lo tlie maiker, at 
which point it is syncluonized. 

Ihider UiLs scheme, 240 wmdows. or 1.92K renuihi remain for storing certificate 
infonnation, which is not umeasouable. 

IV, Possible Problems, Attacks aiid Subsequent Defenses 
A* Randomization 

Tlie attacker simply randomizes tlie least significant bits of each data point in tlie tiansfomi 
buffer, obliterating tlie synclironization signal and tlie watemiaik. While tliis attack can 
remove tlie watennaik. in tlie context in which stega-ciphei* is to be used. Uie problem of 
piracy is kept to a minim mn at least equal to tliat afforded by ti*aditional media, since tlie 
system will not allow an luiwatennai ked piece of content to be traded for profit and 
watennaiks cannot be forged witliout Jie proper keys, which aie computationally difficult 
to obtain by brute-force or crv tamilysis. In addition, if tlie encoding is managed in such a 
way as to maximize tlie level of changes to tlie sample stieam to be just at tlie threshold 
below human ]>erception. and tlie scheme is implemented to anticipate randomization 
attempts, it is possible to force tlie randomization level to exceed the level tliat can be 
j>erceived and aeate desuiictive artifacts in tlie signal, in much tlie same iiiiiimer as a VHS 
cassette can be manufactured at a minimal signal level, so tliat a single copy results in 
unwatchable static. 

B, Low Bit-Depth Bitmaps (black & white images) 
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5 llie-se biUnaps u ould Iv loo scnsitn e lo Uie siegiuiiZaiKUi jMOcess. resuku)g in miaccoptalMc 
signal degradation. ;u)d so are not good c;uKiidates for the stega-cipher process. 'Ilie 
prohleni may be circujn \ enled hy innaling bil-depLli. altJiough il^iis is lui iiieftlcienl use of 
space luid l^andvvidth. 

10 C. Non-Integer Transforms 

Tlie FFT is used to generate spectral energy infonnation for a given audio signal. Tliis 
infonnation is not usually in integei* fomiat. Computers use metliods of approximacion m 
tliese cases to represent tlie real nmnbers (wliole numbers plus fractional amounts). 
Depending on tlie exact value of Uie number u* be represented slight enors. j>roduced bv 
1 5 rounding off tiie ueaiest real number tliat can be completely specified by tlie computer 
occiu. Tliis will produce some nuidomizalion in tlie least significnmt bit or bits. In otlier 
words, tlie same operation on tlie same sample window might yield slightly different 
transfomi values each time. It possible to circumvent tliLs problem using a modification 
to tlie simple LSB steganosraphic technique described later. Instead of looking at tlie LSB 

^ ih^ st-eoOL'Gj'joheroan 

to 20 ^W n icbt bc!'{!i^i ! j fi bl(j K> use an energy cjuantization leclmique in njace of tlie LSB nielliod. 

Soiiie \ ariant of rounding tlie specUiU energy values up or down, witli a gnmularit)' greater 
tlian tlie roiuiding eiTor should work, without signillcaiitly degrading tlie outj^ut samples. 

V. A Method and Protocol For Using the Siega-Cipher 

25 

Tlie aj>paraais described in the claims below oj>erates on a window by window basis over 
tlie simiple stream. It has no knowlege of tlie nanue of tlie specific message to be encoded. 
It merely indexes into a bitstieam, and encodes as many of tliose bits as possible into a 
given sample window, usmg a maji deleniiined by tlie given masks. 
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Tlie value of encoding infomialion into a single window in tlie sample stieain us'ma such 
;in apj)aratus may not be inlierently appaient imtil one examines Uie manner in which such 
inronnation will be used. Tlie protocol discussed in Uiis section details how messages 
which exceed aie encodmg capacity of a single sample window (12S samples ) may be 
assembled from smaller pieces encoded in the individual window s and used to defend 
copyright^ in an online situation. 

An average of 64 bits c^an be encoded into each wmdow, which equals only S bytes. 
Messages huger tlian 8 bytes can be encoded by simply dividing tlie messages up and 
encoding small poitions into a su ing of consecutive windows in tJie s;miple sUemii. Since 
Uie keys deteimine exactly how many bits will be encoded per window, ;uid an element of 
nindomness is desiiable, as opposed to perfect predictabilit3^ onecaimot beceilain exactly 
how many bits are encoded into each window. 

Tlie stiul of each message is maiked by a special si;ui of message deiimeler, which, as 
discussed above is 1024 bits, or 128 bytes. Tlieiefore, if precisely 8 bytes iire encoded per 
window. Uie first 16 windows of any useable message in tlie system described heie aie 
resei-\ ed for tlie stiul of message delinieter. For tlie encoder, Uiis scheme presents little 
challenge- It simply designates tlie fust sample window in Uie stieani to be window 0, ;uid 
proceeds to encode Uie message delimeter, bit-lw-bit uito each consecutive window. As 
soon as it h;is processed Uie last bit of Uie SOM dehmeter it continues by encoding 32 bits 
representing Uie size, ui bytes of Uie complete message to foUow. Once- Uie 32nd and fuial 
bit of Uie size is encoded. Uie message itsell' Is encoded into each consecuUve window, one 
bit at a tune. Some wmdows may contain more encoded bits Uien oUiers, as dictated by Uie 
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nuvsks. As tlie encoder processes each wuidou iii die content it increments; iis u iiidou 
counter. It uses tJiis coimter to index into tlie window mask. If tlie number of windows 
requiied to encode a complete message is greater tlian tlie size of tJiis m;i5k. 256 biL^ in iJiis 
case, or 256 windows, then it siniply resets tlie countei* after windov\ 255. luul so on. until 
a complete message is encoded. Ii c;ui Uien start ovei . or stail on a nev\ message. 

Tlie decoder has a biggei* cliallenge to face. The decoder is given a set of masks, just like 
encoder. Unlike tlie encoder, tlie decoder caimot be sure tliat the fust series of 128 samj>les 
it recieves iue tJie window 0 stail of message, encoded by tlie decodei*. llie siunple sti eam 
origuially produced by an encoder may have been editted by clipping its ends nmdomh' or 
splicing pieces togetliei*. In tliatcase, tJie paiticulaj- copy of tlie message lliat was clipped is 
luuecoveiable. Tlie decoder has tlie st:ut of message delimeter used to encode Uie message 
Unit tlie decoder is looking for. In tlie inital stale, tlie decoder assumes tlie fust window it 
gets LS window 0. It tlien decodes tlie proj^ei" number of bits dictated by tlie masks it was 
gi\ eii. It compaies tliese biL^ to tlie conespondiiig biLs of Qie stait of message delimeter. If 
tliey match, tlie decodei* assumes it is still aligned, increments tlie window counta- and 
continues. If tlie bits do not match, tlie decoder knows it is not aUgned. In Uiis case, it shifts 
one more sample onto tlie end of the sample buffer, discaiding the fust sample, and sUuts 
ovei-. The window counter is set to 0. The decoder seaiches one sample at a lime for an 
alignment lock. Tlie decoder proceeds in this niamier until it has decoded a complete match 
to tlie st;u1 of of message delimeter or it exhausts tlie sample stream witliout decoding a 
message. If tlie decoder can match completely tlie start of message delimeter bit sequence, 
it switches into aligned mode. Tlie decoder will now advance tliiough tlie simiple sUe;\m a 
full window at a time (128 samples). It proceeds imUl it has tlie 32 bits specify'ing Uie 
message size. TliL^ geneially won't occupy more than 1 complete window. When tlie 



decoder has locked onio tlie sum of message deliineter ;md decoded Uie message size, it 
can now proceed to decode as many consecutive additioniil windows as necessaiy until it 
has decoded a complete messsage. Once it has decoded a complete message, tlie slate of 
tlie decoder can be reset to lui-syncluonized luid tlie entiie process c;ui be repeated stiu ting 
witli tlie next 12S sample window. In tliis nuuiner it is not absolute!) necess;u;\* tliat 
encoding windows be contiguous in tlie sample stieam. Tlie decoder is capable of h;uidling 
random inten als between tlie end of one message and tlie stait of anotJier. 

It is unpoi*tant to note tliat tlie ciiruit for encoding and decodmg a sample window does not 
need to be aw;ire of tlie natiue of tlie message, or of any stinctrue beyond llie staii of 
message deiimeter and message size. It only needs to consider a single sample window, its 
own state (whetliei* llie decodei* is niis;iligned, syncluonizing, or sy ncluoiiized ) ;ind what 
bits to encode/decode. 

Given tliat the stega-cipliei- appiuatus allows for tlie encoding and decoding of aibili'iuy 
messages in thLs maimer, how can it be used to protect copyrights? 

Tlie most impoiliint aspect of the stega-cipher in tliis respect is tliat fact tiiat it makes tlie 
message intes^ral witli tlie content, and difficult to remove. So it caimot be eliminated 
simply by removing ceitain infoniiation prepended or appended to tlie sample stieimi 
itself. In fact, removing an aibitraiy chunk of Siuiiples will not geneially defeat tlie stega- 
ciphei' either. 

Given tliat some infoniiation can be tlius integrated witli tlie content itself, tlie question is 
then how best to take advantage of tliis aiTangeiiient in order to protect copyrights. 
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Tlie rollowiiig protocol detaU.s how the siega-cij^her will be exploited to protect cojn rigta^ 
m tlie digital domain. 

In a tj;uisaction involving tlie tiiuisfer of digitized content, tliere lue at least 3 riuictions 
involved: 

Hie Autliority is a tins ted arbitiator between tlie two otlier fiiiictions listed below, 
representing parties who actually engage in tlie ti*ansfei* of tlie content The Autliorit\' 
maintains a database containing information on tlie piuticulai* piece of content itself and 
who tlie ^^vo parties engaged in aansfering tlie content ore. The Aulliorit\^ can perfomi 
stega-ciphei* encoduig and decoding on content. 

Tlie Publisher, or online dLstr ibutor is tlie entitx' which is sending tlie copyrighted content to 
anotlier pait}'. The Publisliei- can j>erfonn stega-cipher encoding and decoding on content 

Tlie Consimier is tlie person or entit}- receiving the copyrighted content, genenilly m 
exchange for some consideration such money. The consiuner cannot generally perfomi 
stega-cipher encoding or decoding on content 

Each of tliese parties can participate in a message exchange protocol using well known 
public-key cryptographic techniques. For instance, a system licensing RSA public key 
algoritluns might be used for signed and encrypted message exchange. This means tliat 
each pi\i-t\' maintains a public key / private key pair, and tliat tlie public keys of each pait}' 
aie freely available to any otlier pait}'. Generally', tlie AuUioritx' communicates via electionic 
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liiiks diiecily only to Uie Publisher ;uk1 tlie CouSiuuer comnumicaies tliieclh oiiK witli the 
publisher 

Below Ls im exiiniple of how tlie protocol 0]>ei"ates Iroiii tlie time a piece of conteni enters 
au electionic disdibutiou system to tlie tiiue it is deliveied to a Consiuner. 

A coj>yright holder (an independent artist, music publisher, movie studio, etc.) wishes to 
retxiil a particulai* title online. For instance, Siie Records Company might wish to disti ibute 
tlie latest single from Seal, one of tlieir music^al ;ii1ists, online. Sue delivers a master cojn 
of tliLs single, "Prayer for tlie Dying", to tlie Autlioritj', Etliical Inc. Etliical conveit*^ (he 
title into a foniiat suitable for elecuonic disQibuiion. This may involve digitizing ;in luinlog 
recording. The title has now become content in tlie context of tliis online distiibution 
system. Tlie title is not yet available to luiyone except Etliicnil Inc., luul has not yet been 
encoded witli tlie stega-cipher watenmu k. EtliicaJ generates a Title Identifiaition and 
Autlienticaiion (TIA ) ceitificate. The ceitillcate could be in any foniiat. In tliis exiuiiple it Ls 
a short text file, readable with a small word-processing program, which contains 
iiifomiation identifying 

Uie title 
tlie lutist 

tlie copyright holder 

tlie body to which royalties should be paid 

general terms for publisheis* distribution 

;uiy otlier infoniiatioii helpful in ideiitifx'ing tliis content 
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Etliical tlien sign.^ tJie TIA wiUi its own jni^ ate key. :md encrypts tlie TIA ceitillcate j>Iu5 ii^ 
signaaire willi its own public key. Thus, tiie Etliiciil can deciypt tlie TIA certificate at a later 
time ;uk1 know (Jiat it generated the message and tliat tiie content^ of tlie message haw not 
been changed since generation. 

Sire Records, which ultimately controls disti ibution of tlie content communicaies to tlie 
Etliical a specific online Publisher tliat is to have tlie right of distiibution of (liis content. 
For instimce, Joe's Online Emporiiuii. Tlie Autliorit>'\ Etliical Inc. Ciui Hiuismit a short 
agreement, the DL^ti ibution Agreement to tlie Publisher, Joe's Online Emporium which 

hsts 



tlie content title 

tlie publLslier's identification 

tlie teniis of distribution 

;uiy consideration paid for tlie right to distribute tlie content 
a brief statement of agreement witli all terms listed above 

Tlie Publisher receives tliis agreement, ajid signs it using its private key. Thus, any pait}^ 
witli access to tlie Joe's Online Emporiimrs public key could verif^' tliat tlie Joe*s signed 
tlie agreement, and tliat tlie agreement has not been chimged since Joe's signed it The 
Publishei- ti-ansniits tlie signed Distribution Agreement to the Autliorit}'. Ethical Inc. 

Etliical Inc. now combiiies tlie signed TIA ceilificate ;ind tlie Distiibution Agreement into a 
suigle message, and signs tlie entiie message using its private key. Etliical has now created 
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a Publisher Identification message to go into it5 own siega-cipiier chiuuiel in tJie content. 
Etliical Inc. now generates ne\^- stega-cipher masks and encodes tins message into a copy 
of tlie content using a stega-cij>lier encoder. TJie Autiiorit\ saves tlie masks as a Receipt iji 
a database, along witli information on tlie detiiik of tlie tnmsfer, mcluding tlie title, lutisi 
and publisher. 

Ethical tlien tiimsfers tliis wateniiaiked copy to tlie Joe's Online Emporium, tlie Pul^lLsher. 
Well known encr}'ption metliods could be used to protect tlie ti"ansfer betw een tlie 
Autliority and tlie Publisher. The Authorit}^ may now destroy its copy, \\iiicli tlie PubUslier 
has received. The Publisher, Joe's Online Emporiimi now assumes responsibilitx' for any 
copies made to its version of tlie content, which is a Publisher Master copy. 

Finally, tlie Consumer, Jolm Q, Public wishes to puidiase a copy of tlie content from Joe's 
Online Emporium. Joe's Eniporiiuii sends llie Jolm Q. Public a short agreement via an 
elecHonic conimmiication link, similai to Publtshei 's Distiibution A<ireement. onlv tliis is 
a Puidiase Agreement, which ILsts 

tlie content title 

consumer identification 

tlie terms of distribution 

Llie consideration pas for the content 

a brief statement of agreement witli tiie terms above 

Jolui Q. Public signs tliLs agreement witli his private key mid retimis it to tlie Joe's Online 
Emporiimi. The Publisher, Joe's prepares to encode its own steg:. cipher wateraiark onto a 



copy of the conient by peneraliiig a set oT masks for tJie algoriUmi. Joe s Online 
Eiuporiiini tlien stores these masks (a receipt) ui its own database, indexed by title and 
consiuner. Joe's Online Emporiiun signs tJie agreement received from Jolui Q. PubUc 
witli tlie Eniporiiuii's own private key, and forwaids it to the AutJiorit}\ Etliic;xl Inc.. along 
witli a copy of tlie masks. It is impoitant to note Unit tliis coniniiuiication should be done 
ovei- a seemed chaimel. The Autliorit}^ veiifies the Publishei* and Consumer infonnation 
and adds its own signatiue to tlie end of tlie message, approving tlie ti misaction. creating a 
Contract of Sale. The Autliorit)' adds tlie Publisher's receipt (mask set) to its datiibiise, 
indexed by Uie title, tlie pubhsher, and tlie consmiier identification. The Autliorily s'v^ns tlie. 
Contract of Sale by enaypting it witli tlieii" private key. So anyone witli tlie Autliorit\ *s 
public key (any Publisher) could decrypt die Conuact of Side and verif}' it. once it was 
exti*acted from tlie content. The Publisher tlien tiansmits tlie signed Contiact of Sale back to 
Uie Pubhsher, who uses a stega-cipher device to imprmt tliis Contiact ;is its own wateniuuk 
ovei- tlie content- Tlie PublLshei' tlien tiansniiLs tlie newly watermarked copy to (lie 
Consiuiier. who is accepting responsibility for it The Publisher destioys tlieii* version of 
tlie consumer's copy. 

If this procedure Is follovved for all content dLsd ibution wiUiin such an online system tlien it 
should be possible for die AuUiorit}' to identih' Uie owner of a piece of content which 
appe;u*s to be luiautliorized. Tlie Autliority coukl simply tiy its database of stega-cipher 
keys to decode tlie watemiaik in tlie content in question. For instance, if a copy of Seal's 
latest single originally distiibuted with stega-cipher watermarks showed up on an Internet 
ftp site die Autliorit)' should be able to extract a TIA Certificate and Distribution 
Agreement or a Contiact of Sale identifj'ing tlie responsible party. If a Publishei- sold tliLs 
particulai copy to a Consumer. Uiat pailiculai* publisher should be able to extr act a ConU*act 
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of Sale, which places responsibility wiUi Uie Consiunei , Tliis not a lunecriiical 
apphcation, so even if it takes days or weeks, it i*? stiU wortli while. 

In a modification to Uie protocol discussed above, each Publisher might act as its own 
Authority', iiuwever, m the context of online sen* ices, this could open avenues of fraud 
committed by tlie collusion of certain Publisheis and Consumers. LLsing ;in Autlioriij . or 
one of seveial available Autliorities to keep records of Publisher-Con^iuner tiansiictions 
luid vei'if)' tlieij- details decTeases tlie likeliliood of such events. 

It should also be obvious that a similar watennarkin^i svsteni could be used bv an 
indivitlual entity to vvatemimk its own content for its own puiposes. wetlier online or in 
physical media. For instance, a CD manufactiuer could incorporate unique stega-cipher 
watemiarks into specific batches of its compact discs to mdeutif\' tlie soiuce of a piiate 
ring, or to identifj' unauthorized digital copies made from its discs. Tliis is possil')le because 
tlie stega-cipher encoding works witli tlie e.xisting fonnats of digital samples and does not 
add any new suoictures to tlie sanipe data tliat cannot be handled on electronic or 
mecluuiical systems which predate tlie stega-cipher. 

VI. Increasing Confidence iii the Slega-Cipher 

Tlie addition of a special pre-encoding process can make stega-cipher ceilificates even 
more secuie and undeniable. Hash values may be incorporated which match exactly the 
content containing tlie watemiaik to tlie message in tlie waleniiark itself. This allows us a 
verification tliat tlie watermaik decoded was encodetl by whomevei' signed it into tliis 
precise location in tliis specific content 
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one- wa> ,u.h function over each .ainplo in each s.up.o window that wili conUu-i the 
„.e.s-a,e. The h..h st.^s vviU. a seed value. a.id each .;unple UuU would be pioces.od h> 
a,e enJoder when encoduig Uie tuessage .s mco.porate.i oUo U^e h..h a. ,t .5 p.oc.sed. 
10 TlK- .esult a 256 bit nu.nlv. oiie cm be highly confident L. uinque. o. sufficenU) ..uv to 
n>;ike .nte.Uion.dly duplicating it w.U. -.uiotl^e,- .eries of s.un,>les difficult. 

U . unpo.-,a.U tl.at the hash function be u>.e..s,tix e ,o to an> cluu.ge. m d.e sa..iple. 
chiced by the .teea-ciphe,- ii.elf For u^.tance. o,.e .n.gh. igno.e U.e least signiHcmt hi. of 

Uie hash fui.clion. if theslega-cpherwas iinple.nentod using 



in 

15 each sample when conipuiuig 

a lea<^t sienificanl bit encode mode 



Ba.ed on the sb.e of U,e non-hash n.essage. one knows U»e hash-inclus,ve inessage 
requires 32 .noie bytes of space. 0..e can now calculate U,e size of a s.g-.ed encrj.^ted copy 
20 of UiLS .i.essage by s.g.iuig a.id eiic.yptn.g exacUy as .n.un- nxndon. bytes as are m U>e 
.nessage. and n.easuiing d.e size of me outi>ut m bytes. One now la^ows Uie size of tl^e 
.uessage to be e.^coded. One ca.. pre-p.ocess tlK san.ple stieain as follows. 

-ihrouf^h above 

Proceed-tecmprthe stega-cipher encode loop as described-iirAe^temis. Instead of 

A 

2 5 encoding, however, calculate hash ^-alues for each window series which wfll contain the 
message, as each sample is processed. At the cad of each instance of ' encodina" take the 
resultani hash value and use it to create a unique copy of the message which includes the 
hash value particular to the senes of sample windows that wUlbe used to encode the 
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5 messa-e. Sign iukI enaypt ilii5 copy Uie niessaee. ;uk1 >ax c ii tor .micuJuil! ui Uie s:unc 
place 111 the sanipio -treani 

\ memoi^-e^feieaev^ion of this scheme could keep on hand the im-hashed message. 
A 

and as it creates each new copy, back up in the sample stream to the first window in die 

10 series ;uid actually encode each niessaoe. disposing of it aftervvaids. 



The iinportant result Ls evident on decoding. Tlie decoding paitj^ can calculate tlie same 
hash used to encode the message for Uiemselves. but on tlie encoded simiples. If the value 
calculated by tlie decoding pait}^ does not match tlie value contained in tlie signed niesrsage. 
15 tlie decouLr is aleited to tlie fact tliat tliis vvateniuuk was a;iiis planted from somewhere 
else. Tliis L? possible only with a hash function which ignores the changes made by tlie 
stega-ciplier iifter Uie luisli in tlie wateniiaik was generated. 

Tliis scheme makes it imjiossible to Uansplant watemiarks, even witli tlie keys to tlie stega- 
20 cipher. 
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